English   Danish

2024/2025  BA-BINTV2010U  Cybersecurity and Privacy

English Title
Cybersecurity and Privacy

Course information

Language English
Course ECTS 7.5 ECTS
Type Elective
Level Bachelor
Duration One Semester
Start time of the course Autumn
Timetable Course schedule will be posted at calendar.cbs.dk
Max. participants 50
Study board
Study Board for BSc/MSc in Business Administration and Information Systems, BSc
Course coordinator
  • Jacob Nørbjerg - Department of Digitalisation (DIGI)
Main academic disciplines
  • Information technology
Teaching methods
  • Face-to-face teaching
Last updated on 29-01-2024

Relevant links

Learning objectives
Upon completion of the course, the student is able to:
  • Understand essential technical aspects of cybersecurity (e.g., Internet protocols, cryptographic methods, firewalls, access controls, etc.) and demonstrate their practical applications.
  • Comprehend fundamental concepts in information security and privacy management.
  • Reflect on various security and privacy issues faced by individuals, organizations, and governments, and propose possible countermeasures and solutions.
  • Develop security and privacy policies.
  • Demonstrate the role of law and ethics within the cybersecurity domain.
  • Develop a holistic understanding of the future of security and privacy in the age of AI.
Course prerequisites
Prerequisites for registering for the exam (activities during the teaching period)
Number of compulsory activities which must be approved (see section 13 of the Programme Regulations): 2
Compulsory home assignments
The students have to get 2 out of 3 assignments approved.
Each assignment is 3-5 pages. One of the assignments is individual and the other two assignments are group-based (group size: minimum 2 and maximum 4 students).

There will not be any extra attempts provided to the students before the ordinary exam. If a student cannot hand in due to documented illness, or if a student does not get the activity approved in spite of making a real attempt, then the student will be given one extra attempt before the re-exam. Before the re-exam, there will be one home assignment (max. 10 pages) which will cover 2 mandatory assignments.
Cybersecurity and Privacy:
Exam ECTS 7,5
Examination form Home assignment - written product
Individual or group exam Individual exam
Size of written product Max. 10 pages
Assignment type Written assignment
Release of assignment The Assignment is released in Digital Exam (DE) at exam start
Duration 2 weeks to prepare
Grading scale 7-point grading scale
Examiner(s) One internal examiner
Exam period Winter
Make-up exam/re-exam
Same examination form as the ordinary exam
Description of the exam procedure

The exam assignment can include questions about the implications of AI for cybersecurity and privacy that require the students to study and work with generative AI.

Course content, structure and pedagogical approach

Individuals and organizations in the modern society depend on computer networks – the so-called Internet. But with this dependency comes vulnerabilities from failures, threats and attacks, and the potential for loss or misappropriation of important data.


This course provides students with a business background with knowledge and understanding of the Internet and the potential threats to individual and organizational security and privacy in our heavily interconnected IT systems. It also provides the students with knowledge about potential countermeasures and how to apply them.


The course combines technical and managerial perspectives on cybersecurity and privacy. It covers the structure and functionality of the Internet, basic cryptography, as well as organizational and managerial aspects of information security and privacy.


The course also covers the implications of the rise of AI in terms of both security, privacy, ethics, and regulation. This includes an academic approach to using AI by using a critical focus on explainability, transparency and validity in working with AI.


Course Structure: The first part of the course covers key concepts including computer networks, CIA, and threats and attacks (e.g., ransomware, denial-of-service, social engineering, etc.) along with technical protection mechanisms (e.g., cryptographic methods, firewalls, intrusion detection and prevention systems, etc.) and managerial security practices (e.g., security policy, staffing, access control models, etc.). The second part of the course covers key concepts in privacy (e.g., privacy concerns, law and ethics, surveillance capitalism, economics of privacy, privacy decision making, etc.) and covers practical implications at the individual, organizational, and governmental level.


The course requires no prior knowledge of IT or computer networks. Technical concepts and terms are introduced with comprehensive explanations and demonstrated with hands-on exercises.

Description of the teaching methods
The course involves various pedagogical method including lectures, simulation games, hands-on activities, documentaries, presentations, and case discussions.
Feedback during the teaching period
The following feedback is offered:
• Question and answer sessions during lectures.
• Exercises, where the students will get feedback on their work and answers to exercise questions.
• Feedback to mandatory assignments.
• Individual consultations during office hours.
Student workload
Lectures 30 hours
Exercises 30 hours
Preparation, including mandatory assignments 110 hours
Exam preparation and exam 36 hours
Expected literature

The literature can be changed before the semester starts. Students are advised to find the final literature on Canvas before buying any material.


Whitman, M. E., and Mattord, H. J. (2018). Management of Information Security, 6th Edition, Cengage Learning, Inc.

Kurose, J., and Ross, K. W., (2017). Computer networking : a top-down approach, 7th ed, Pearson. (excerpts)

Last updated on 29-01-2024